Back to search
CVE-2009-1077
Published: Mar 25, 2009
Modified: Sep 16, 2024
PUBLISHED
Description
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1
x_refsource_CONFIRM
253267
vendor-advisory
x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1
x_refsource_CONFIRM
1021881
vdb-entry
x_refsource_SECTRACK
34191
vdb-entry
x_refsource_BID
http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
x_refsource_CONFIRM
ADV-2009-0797
vdb-entry
x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1
x_refsource_CONFIRM
34380
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now